Getting Started with Server Core

Today we're going to get started with Windows Server 2008 Server Core. First, let's talk about what the Server Core installation is (and what it is not!). Server Core is a minimal environment to run specific server roles, which reduces the maintenance and management requirements and the attack surface for those roles. The following roles are supported on Server Core. At this time, we are still working with the Beta 3 build of Server 2008, so additional roles may be available at Product Launch.

AD Domain Services

AD Lightweight Directory Services

DHCP Server

DNS Server

File Server

Print Server

Streaming Media Services

Note: Microsoft recently announced that IIS7 would be available as a Server Core role, however the Beta 3 build does not have IIS support. The IIS Role on Server Core does not include support for .NET. There is also no support for GUI management tools. However, according to Bill Staples' blog, .NET support is still being discussed ...

When you look at what Server Core offers, the roles available are ideal for a branch office deployment scenario where there are limited (or no) IT resources remotely and all management is centralized. So let's get started with our installation. For this Server Core install, I am setting up a File & Print Server in a Virtual Environment for my own testing. I allocated 20GB for the Hard Drive and 256MB of RAM for my VM ... so on with the installation! The first few screens are fairly standard - choosing the installation language, the regional options (time and currency format) and my keyboard layout. However, I did run into one minor glitch ...

Welcome to the Server Core User Interface. There is no traditional UI, only a command prompt. All the management and administration is performed locally via the command prompt, or remotely using a Terminal Server connection, the Microsoft Management Console (MMC) or via command-line tools that support remote use.

Today, we're going to get a few basic tasks accomplished:

Change the Administrator password

Set the IP Address of the server

Rename the server

Join the Domain

In other words - getting all the prep work done to make this a File & Print Server. So the first thing we're going to do is set the password for the Administrator user account. We can accomplish this by using the Net User Administrator * command. Using the * character means that the password is not displayed on the screen as shown below:

So now that the password is changed, we need to verify network connectivity for the server. We are going to set an IPv4 address on this machine. Since this machine is on our corporate network, we will be using DHCP to get our address, but we're going to go through the process to set up a Static IP as well as configuring this machine as a DHCP client. But, before we can set any addresses, we need to know which interface we are working with. To display a list of interfaces, we use the Netsh interface ipv4 show interfaces command:

We can see that there are two interfaces, the Local Area Connection and the Loopback interface (remember, this is a Virtual Machine). Make a note of the number shown in the Idx column of the output for your network adapter. If your computer has more than one network adapter make a note of the number corresponding to the network adapter for which you wish to set a static IP address. To set a Static IP address, we use the following command: netsh interface ipv4 set address name="ID" source=static address=StaticIP mask=SubnetMask gateway=DefaultGateway where:

ID is the number from step 2 above

StaticIP is the static IP address you are setting

SubnetMask is the subnet mask for the IP Address

DefaultGateway is the default gateway

Notice that we didn't set up any DNS servers for this machine. To add a DNS Server, we use the following command: netsh interface ipv4 add dnsserver name=interfaceid address=ipofdnsserver index=1. For each DNS server you set, you need to increment the index number by 1.

But for this server to be functional on our corporate network here, I need to switch back to DHCP. This is done via the following command: netsh interface ipv4 set address name="ID" source=dhcp

And that's it - I'm back on the corporate network. I'm almost ready to join this machine to the domain. Before doing that, I want to make sure that the server has a friendly name. As you go through the setup, you'll notice that there was no prompt to define the server's name - so what you end up with is an auto-generated name as shown below:

There's no way I'm ever going to remember LH-QU6Z6TS52XSS, so I need to rename the server to CC-LHSCORE-B3. Using the Netdom command we can change the computer name as shown above. As with any server name change, the server has to be rebooted for the rename to be completed. And after the reboot ... a familiar screen:

Now the CC-LHSCORE-B3 server is ready to join the domain. Again, we're going to use the Netdom command to join the domain: netdom join ComputerName /domain:DomainName /userd:UserName /passwordd:*. Before I reboot for the domain join to take effect, I want to make sure that I add my domain user account to the local administrators group. I can do this with the following command: Net localgroup administrators /add DomainName\UserName. Now I'm ready to reboot and log in with my domain user account and work on getting the server set up as a File & Print server. You can use the Ctrl+Alt+Del key combination to bring up the familiar menu which allows you to launch Task Manager as well as restart or lock the machine. You could also use the shutdown command to restart the machine.

And that brings us to the end of our quick walkthrough on getting a Server Core install up and running and ready for configuration. In the next Server Core post, we'll cover adding the Print Services role to the server and configuring some printers. Until next time ...

Surely someone in Redmond will be slapped to their senses soon and realize the need to eliminate that black box cutely referred to as the "command line." If I want a command line, I'll travel back to 1983, thanks.

Don't try to sell me that, because I'm not going to purchase ANYTHING that requires an employee to be able to remember a convoluted syntax:

if you need the UI, just install one of the more feature-full Windows Server 2008 version.

It's that simple.

Ryan

17 Jul 2007 9:50 PM

KGreene, get a clue. This isn't about making things easier and prettier, it's about limiting attack surfaces and resource requirements. It lets admins run servers that only run specific roles.

Dan

18 Jul 2007 2:46 AM

I've been using Windows Server products for years, and this is _not_ the direction I want to go. Reducing the attack surface is desirable, but not if it requires too much time to implement, or requires a lot of arcane syntax. I'll do what Chris O. said.

Look people. If the command line is not the direction you want to go...then don't look over here. Just forget that Server Core even existed. It is an option in windows that I have been waiting to see for years. Why? Not only does it limit the attack surface but it limits the resource footprint. Now I finally have an option to deploy a dedicated box that will do one thing and one thing well. No extra memory needed to run explorer, or 100 other tools I don't need. So go back to your bloated cushy server interface, and leave those of us alone that can handle a command line. It is not hurting you. Microsoft is not going to take away th GUI. So what is the issue?

Server Core is an EXCELLENT direction to move in. Please do not let those in here trashing it lower your spirits.

This is why many Unix/Linux/etc. administrators laugh at most people who consider themselves a Windows "admin". Most of those self proclaimed admins cannot survive without a GUI of some kind because they are no more than a hack with little to no real skill. Thank you Windows team for making server core a reality, many of us appreciate it!

I cannot wait to deploy some DCs in this method, basically making them appliances which cannot be screwed with.

Ken

14 Sep 2007 1:52 AM

Sorry, but requiring 512Mb to run a print server is not reducing the footprint to run a single task!

How does not running MMC locally on a machine that clearly has a functional GUI, while allowing remote RPC, reduce the attack surface?

JamesMc

2 Oct 2007 10:01 PM

I agree that this is a good direction for MS. We are looking to centralize our server infrastructure where I work. Being able to install a specialized appliance version of Windows Server handling DHCP/DNS/ and print services reduces energy, management, and cost requirements for those all so needy remote offices.

I've been looking at microITX boxes using a 6GB flash drive to run 2008 core. Has anyone tried this?